Bringing insights into TCP resets and timeouts to Cloudflare Radar
Cloudflare handles over 60 million HTTP requests per second globally, with approximately 70% received over TCP connections (the remaining are QUIC/UDP). Anomalous TCP connections occur when a connection is unexpectedly halted before any useful data exchange occurs. These connections can be closed due to various reasons such as scanners, sudden application shutdowns, network errors, attacks, and tampering. Cloudflare has launched a new dashboard and API endpoint on Cloudflare Radar that shows near real-time view of TCP connections to its network that terminate within the first 10 ingress packets due to resets or timeouts. Analyzing this anomalous behavior provides insights into scanning, connection tampering, DoS attacks, connectivity issues, and other behaviors.
Company
Cloudflare
Date published
Sept. 5, 2024
Author(s)
Luke Valenta
Word count
4739
Language
English
Hacker News points
None found.